Hi all,
Over the weekend I made some hacks to Cobbler that could be useful to
other people, so if there is interest I'll clean it up a bit and submit
a patch. Below is a description of the issue and what I did (apologies
in advance, it's long).
Scenario:
We have several thousand machines spread over 3-4 locations. We use
Cobbler to provision these machines, and manage DHCP and DNS (all sites
share a single domain name). We use Puppet for config management.
We're moving towards IPv6 for various reasons. In the near term we'll be
running dual-stack, so any IPv6 configuration that needs to happen can
be tacked on via Puppet.
Again for various reasons, we're not going to do IPv6 autoconfiguration
(DNS is difficult with this, for one). So that leaves DHCPv6.
As far as I can tell, the IPv6 fields in Cobbler don't really do
anything at the moment. (We run 2.2.1 from EPEL, but I didn't see
anything to indicate this is changed for a newer version - though I may
be wrong!).
Complicating factors:
From reading various docs it looks like the current ISC DHCPd
doesn't
support both IPv6 and IPv4 at the same time. Therefore it's
necessary to
create a separate config file (dhcpd6.conf) and run a second instance of
the daemon with this config.
A second issue is that DHCPv6 implies the use of a unique client
identifier (DUID). The DUID is generated by the client, and in the case
of DUID-LLT which includes the time of generation, does not persist
between reinstalls. DHCPv6 does support DUID-LL (just the MAC address),
but DUIDs are unique per machine, not per interface, so that can cause
problems in some situations unless care is taken.
The terrible hack:
ISC DHCPd lets you use the MAC address (or anything you want, really)
instead of the DUID to identify v6 clients. Since we depend on having
the MAC address available for v4 DHCP, I don't see too much harm in
using this for IPv6 address allocation as well. Proxied DHCP will break
of course, but DHCPv6 addresses that via some other mechanism anyway.
So what I did was essentially add a module to generate dhcpd6.conf
(using MAC addresses and IPv6 addresses configured in Cobbler) in
parallel with dhcpd.conf, and manage the dhcpd6 service. I added a
parameter to the settings file "manage_dhcp6" to enable/disable this
behavior.
I realize this isn't the "IPv6 way", but in the short term it suits our
needs pretty well. I imagine the standards and what not will get
straightened out once there is wider adoption...bit of a catch-22 if you
ask me.
Thoughts, comments, flames etc welcome.
Best,
Dan